Export limit exceeded: 359472 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35571 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35571 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34113 | 1 Dataease | 1 Dataease | 2024-11-21 | 9.8 Critical |
| An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. | ||||
| CVE-2022-34110 | 1 Msi | 1 Micro-star International Feature Navigator | 2024-11-21 | 5.5 Medium |
| An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size. | ||||
| CVE-2022-34109 | 1 Msi | 1 Micro-star International Feature Navigator | 2024-11-21 | 7.1 High |
| An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size. | ||||
| CVE-2022-34108 | 1 Msi | 1 Micro-star International Feature Navigator | 2024-11-21 | 7.1 High |
| An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file. | ||||
| CVE-2022-34100 | 1 Crestron | 1 Airmedia | 2024-11-21 | 8.8 High |
| A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation. | ||||
| CVE-2022-34056 | 1 Pypi | 1 Watertools | 2024-11-21 | 9.8 Critical |
| The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34055 | 1 Pypi | 1 Drxhello | 2024-11-21 | 9.8 Critical |
| The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34054 | 1 Pypi | 1 Perdido | 2024-11-21 | 9.8 Critical |
| The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34053 | 1 Pypi | 1 Dr-web-engine | 2024-11-21 | 9.8 Critical |
| The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34032 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | ||||
| CVE-2022-34031 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. | ||||
| CVE-2022-34030 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. | ||||
| CVE-2022-34028 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. | ||||
| CVE-2022-34027 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. | ||||
| CVE-2022-33993 | 1 Domain Name Relay Daemon Project | 1 Domain Name Relay Daemon | 2024-11-21 | 5.3 Medium |
| Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form. | ||||
| CVE-2022-33992 | 1 Domain Name Relay Daemon Project | 1 Domain Name Relay Daemon | 2024-11-21 | 7.5 High |
| DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers. | ||||
| CVE-2022-33987 | 2 Got Project, Redhat | 4 Got, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 5.3 Medium |
| The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. | ||||
| CVE-2022-33980 | 4 Apache, Debian, Netapp and 1 more | 6 Commons Configuration, Debian Linux, Snapcenter and 3 more | 2024-11-21 | 9.8 Critical |
| Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. | ||||
| CVE-2022-33945 | 1 Intel | 66 Compute Module Hns2600bpb, Compute Module Hns2600bpb24, Compute Module Hns2600bpb24 Firmware and 63 more | 2024-11-21 | 8.2 High |
| Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-33939 | 1 Yokogawa | 14 Centum Cs 3000 Cp31, Centum Cs 3000 Cp31 Firmware, Centum Cs 3000 Cp33 and 11 more | 2024-11-21 | 7.5 High |
| CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product. | ||||